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METHOD AND APPARATUS FOR EFFICIENT AUTHENTICATION 
AND INTEGRITY CHECKING USING HIERARCHICAL HASHING 

A. Field of the Invention 

This invention generally relates to data corruption detection and, mote particularly, to a 
method and apparatus for efficient authentication and integrity checking in data processing using 
hierarchical hashing. 

B. Description of the RelatRri Art 

Certain types of business activities create the need to transfer information in a secure 
manner. For instance, banks periodicaUy "backup" their conq>uter files to a remote central 
database and need to know that these files were successfully copied to the remote database 
without having been changed or corrupted during the process. Video conferencing is another 
example of an application that demands the secure transmission of information 
(video/voice/data). 

Open networks such as the Intemet provide simple and effective mea^ for digital 
communication. However, such communication can be unintentionally corrupted by network 
transmission errors or altered by malicious acts. Several conventional techniques guard against 
these communication problems. These techniques require applying checksums or digital 
signatures to data before transmission and verifying the checksum or digital signature upon 
receipt. 

Checksums, values derived ftom the data, are typically easy to compute. After 
computing the checksum, a transmitting machine sends the checksum with the data itself. A 
receiving machine then recalcuUtes the checksum torn the received data and compares the 
calculated checksum with the received checksum. However, a hacker with the ability to modify 
data likely also has the abUity to replace the original checksum with arecalculated checksum that 
corresponds to the modified data. 

Digital signatures protect against malicious acts intended to corrupt data but are more 
expensive than checksums to compute. The protection provided by digital signatures becomes 
increasingly important in networiced environments where data must pass through unguarded 
points. 
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Digital signatures are o&sa used in a bulk signature format in wiiich a digital signature 
is applied to a complete data set However, the bulk signature format has several drawbacks. 
The process of confirming the digital signature operates on the whole data set Bulk signature 
algorithms cannot identify the portion of the data that was corrupted. This leads to increased 
cost since the data, if corrupted, must all be sent again. 

If the data is communicated in discrete packets signed with a bulk signature, detecting 
corruption or invalid packets inserted by a hacker also carries a high cost It requires waiting for 
the receipt of at least one copy of each sequence numbor of packets. At this point, the signature 
can be checked. The mtegrity of the bulk signature cannot be checked until all of the packets 
are received, TTiis aspect creates a time delay relative to the size of the data set If several 
packets with the same sequence number and different contents are received, one is a forg^y. 
Then, to detect which one is the valid copy of any given sequence number if a forgery is inserted, 
each copy of that sequence number would have to be conqiared with all the valid packets of the 
sequoice. 

A method called packet-level signature addresses this problem. The packet-level 
signature method assigns a digital signature to each mdividual packet. Although allowing the 
verification to begin as the individual packets are received making it easy to identify individual 
corrupted packets, this method requires additional conq)utation and repeated checking of the 
digital signatures, which is quite time-consuming. 

A conventional hierarchical hashing technique for neighboring databases on a local area 
network (LAN) allows a database managemoit system to check if the databases are identical by 
hashing pieces of the database. The hashes are then hashed, and the final value is broadcast 

pmodicaUy to confinn that aU neighbors on the LAN have identical databases. Iftheydonot, 
the next hash level is compared until the area of the database that differs is located, at which tune 
it can be updated accordmgly. However, this systMi does not deal with the application of a 
single digital signature to protect an arbitrary amount of data agahast both malicious errors and 
unintentional errors. Currently, there is no system that allows a single digital signature to apply 
to an arbitrary amount of data and allows the data to be verified as it is received. 
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There is, therefore, a need for a system that protects against unintentional data conuption 
and malicious acts that cause enors in data processing and allows data to be checked as it is 

received. AdditionaUy, die need exists for a system that provides information regarding which 
section of data was corrupted whUe keeping a low computational overhead. 

SUMMARY nv THE TlSfVKNrn() 
Creating a hierarchy of hash values that start with packet hashes of an arbihBry data set 
and cuhninate in a single signed block aUows a single digital signature to protect the data set 
fiombothdatacomq)tionandmaUciousactsthatcauseerrorsindataprocessing. Receiving this 

hierarchy ofhashes before die data also aUows the datapackets to be quickly verified as they^ 
received. The hierarchical structure used in the method cryptographically protects individual 
portions of the data and makes it easier to reco'gnize corruption. Systems consistent widi the 
present invention verify portions of the data even if otiier portions of the data are corrupt or have 
not yet been received. 

In accordance vn± the present invention, as embodied and broadly described herein, a 
computer-implemented data processing meUiod comprises tiie steps of dividing a data set into 
packeB, hashing tiie data within each of the packets to produce a hash block including hash 
values and applying a signature to the hash block. 

In accordance witii another aspect of the present invention, as embodied and broadly 
described herein, a computer-implemented data processing method comprises the steps of 
receiving a packet including data, a hash block and a digital signature, verifying the digital 
signature, hashing the data to produce hash values and comparing the hash values to values in 
the hash blodc. 

BRIEF DRSri^ TPTr nN OF THE ni^ 4^ P.g 
The accompanying drawings, which are incorporated in and constitute a part of this 

specification, iUustialeanembodimentoftheinventionand, together withthe description, serve 
to explain the advantages and principles of the invention. In the drawings, 

no. 1 is a schematic block diagram iUustrating a computer architecture suitable for use 
with the present invention; 

FIG. 2 is a flowchart of die steps used to digitalfy sign the hash block in accordance with 
an implementation of die present invention; 
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FIG, 3 is a flowchart of the stq)s used to verify the data m accordance with an 
inq)lementation of the present invention; 

FIG. 4 is a diagram of an example of the hashing of a sample data set and signing of a 

» 

hash block; and 

no. 5 is a diagram of a sample hierarchical structure of hash blocks and data based on 
the data set in Fig. 4. 

DETAILED DESCRIPTION 
Reference will now be made in detail to a system and method consistent with the present 
invention. Wherever possible, the same reference numbers will be used throughout the drawings 
and the following description to refer to the same or like parts. 
Overview 

Systems consistent with the present invention generally perform two data processing 
functions: (1) signing data and (2) verifying data. Such systems generally sign data by creating 
a hierarchical structure of hash blocks, sequences of hash values, which correspond to the given 
data. To accomplish this, a data set is divided into packets. A one-way, collision-proof hash 
function is applied to each packet which will result in a sequence of hash values. These hash 
values are grouped into packets, referred to as hash blocks. Higher level hash blocks are oeated 
by hashing the hash blocks. ITiis process continues until a single hash block small raough to fit 
in a packet is achieved. The top level hash block, the smallest one, is signed with a digital 
signature. The hash blocks and data are then transmitted to an intended destination such as a 
network node. 

Systems consistent with the present inv^tion generally verify the data set by nhgcking 
the digital signature on the top level hash block. Once the top level hash block is verified, the 
next lower level hash block can be verified by comparing the hash of the packets of that hash 
block against the hashes stored in the top level block. All lower level hash blocks are checked 
against the ne3ct higho: level hash blocks in the same manner. Finally, the data is checked 
against the hash block containing the hashes of the data set Any given data packet can be 
checked once all hash blocks above it are received. 
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Compoter Architecture 

Figure 1 is a block diagram that iUustrates a conq)uter system 100 upon which an 
embodiment of the invention may be implemented. Computer system 100 includes a bus 102 
or other communication mechanism for communicating information, and a processor 104 
coupled with bus 1 02 for processing information. Computer system 100 also includes a main 

memoryl06,suchasarandomaccessmemory (RAM) orotherdynamicstoragedevice, coupled 
to bus 101 for storing information and instructions to be executed by processor 104. Main 
memory 1 06 also may be used for storing temporary variables or other intermediate information 
during execution ofinstructions to be executed by processor 104. Computer system lOOfiirther 
includes a read only memory (ROM) 108 or other static storage device coupled to bus 102 for 
storing static information and instructions for processor 104. A storage device 1 10. such as a 
magnetic disk or optical disk, is provided and coupled to bus 102 for storing information and 
instructions. 

Computer system 100 may be coupled via bus 102 to a display 1 12, such as a cathode 
ray tube (CRT), for displaying information to a computer user. An input device 1 U, including 
alphanumeric and other keys, is coupled to bus 102 for communicating information and 
command selections to processor 104. Another type of user input device is cursor control 1 16, 
such as a mouse, a trackbaU or cursor direction keys for communicating direction information 
and command selections to processor 104 and for controlling cursor movement on display 1 12. 
This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a 
second axis (e.g.. y), that allows the device to specify positions in a plane. 

The invention is related to the use of computer system 100 for signing data and verifying 
data. According to one embodiment of the invention, signed or verified data is provided by 
computer system 1 00 in response to processor 104 executing one or more sequences of one or 
more instructions contained in main memory 106. Such instructions may be read into main 
memory 106 fix>m another computer-readable medium, such as storage device 110. Execution 
ofthesequencesofinstructionscontainedmmain memory 106 causes processor 104 to perform 
the process steps described herein. In an alternative embodiment, hard-wiied circuitry may be 
used in place of or in combination with software instructions to implement the invention. Thus 
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embodiments of the invention are not limited to any specific combination of hardware circuitry 
and software. 

The temi "computer-readable medium" as used herein refer to any media that participates 
in providing instructions to processor 1 04 for execution. Such a medium may take many forms, 
including but not limited to, non-volatile media, volatile media, and transmission media. Non- 
volatile media includes, for example, optical or magnetic disks, such as storage device 1 10. 
Volatile media includes dynamic mraiory, such as main memoiy 106. Transmission media 
includes coaxial cables, copper wire and fiber optics, includmg the wires that comprise bus 1 02, 
Transmission media can also take the form of acousdc or light waves, such as those generated 
during radio-wave and infira-red data communications. 

Common forms of computer-readable media include, for example, a floppy disk, a 
flexible disk, hard disL magnetic tape, or any other magnetic medium, a CD-ROM, any oibsr 
optical medium, punchcards, papertape, any other physical medium with patterns of holes, a 
RAM, PROM, and EPROM, a FLASH-EPROM, any other mraiory chip or cartridge, a carrier 
wave as described hereinait^, or any other medium firom which a cotnpixtcc can read. 

Various forms of compute readable media may be involved in carrying one or more 
sequences of one or more instructions to processor 104 for execution. For example, the 
instructions may initially be carried on magnetic disk of a remote computer. The remote 
computer can load the instructions into its dynamic memory and send the instructions over a 
telephone line using a modem. A modem local to computer system 100 can receive the data on 
tiietelq)hone line and use an mfia^ed transmitter to convert the data to an An 
infira-red detector coiq)led to bus 1 02 can receive the data carried in the infia-red signal and place 
the data on bus 102. Bus 102 carries the data to main memoiy 106, &om which processor 104 
retrieves and executes the instructions. The instructions received by main memoiy 106 may 
optionally be stored on storage device 1 10 either before or after execution by processor 104. 

Computer system 1 00 also includes a communication interfile 1 1 8 coupled to bus 1 02. 
Communication intetfiice 118 provides a two-way data communication coiqiling to a network 
link 1 20 that is connected to local network 1 22. For example, communication interfece 1 1 8 may 
be an integrated services digital network (ISDN) card or a modem to provide a data 
communication connection to a corresponding type of telephone hne. As another example. 
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communication interfiace 118 may be a local area network (LAN) caid provide a data 
communication connection to a compatible LAN. Wireless links may also be implemented. In 
any such implementation, conmiunication interface 118 sends and receives electrical, 
electromagnetic or optical signals that carry digital data streams representing various types of 
information. 

Network link 1 20 typically provides data communication through one or more networks 
to otiier data devices. For example, network link 120 may provide a connection through local 
network 122 to a host computer 124 or to data equipment operated by an Internet Service 
Provider (ISP) 126. ISP 126 in turn provides data communication services tiirough the worid 
wide packet data conmiunication network now commonly referred to as the "Internet" 128. 
Local network 122 and Internet 128 both use electric, electromagnetic or optical signals that 
carry digital data streams. The signals through the various networks and the signals on network 
link 120 and through communication interface 1 18^ which carry tiie digital data to and ftom 
computer system 100, are exemplary forms of carrier waves transporting the information. 

Computer system 100 can send messages and receive data, including program code, 
tiirough the network(s), network Imk 120 and communication interface 118. In the Internet 
example, a server 130 might transmit a requested code for an application program through 
Internet 128, ISP 126, local network 122 and communication interface 1 18. In accordance with 
the invention, one such downloaded application provides the data processing operations 
described herein. For example, data to be stored on computer-readable medium or transmitted 
to a remote device may be signed in accordance with the principles of the present invention. 
Additionally, data retrieved from a computer-readable medium or received from a remote device 
may be verified in accordance with the principles of the present invention. 

The received code may be executed by processor 104 as it is received, and/or stored in 
storage device 1 10, or otiier non- volatile storage for later execution. In tiiis manner, computer 
system 100 may obtain application code in the form of a carrier wave. 
Hierarchical Hashing 

Systems consistent with the present invention utilize a one-way, collision-proof hash 
function to transform data of arbitrary length into a fixed length hash value. One-way hash 
functions also have otiier characteristics. For example, it is relatively simple to apply tiie 
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function to a given data set or message to compute the hash value for that set However, given 
a hash value it is difficult to determine a data set that would produce the same hash value if the 
hash function was applied to that data set 

In regaids to hash functions, collision-resistance means it is unlikely for two random 
messages to have the same hash value for the same function. One way and collision-resistant 
hash functions are described in detail in C. Kaufinan, R, Perhnan, M. Specine, "Network 
Security: Private Communication in a Public World," Prentice Hall, 1995. 

(1) Signing Data 

Fig. 2 is a flowchart of the steps used in the signing procedure of hierarchical hashing. 
Systems consistent with the present invention generally begin the hashing process by dividing 
the data set into small packets (step 2 1 0). The packet boundaries are generally arbitrary but, for 
more efficient use, should correspond to likely boundaries between good and corrupt datfl 
Network datagram boundaries or disk sectors are examples of suitable boundaries. 

Once the data is broken into packets, a collision-proof, one-way hash function is qyplied 
to each packet (step 220). Each application of the hash function wiU produce a single hash 
value. The application of the hash function to each of the data packets will produce a sequence 
of hash values. This sequence is called a hash block (step 230). 

If the hash block created by the application of the hash function to the data packets is too 
large to fit in a single packet along with the digital signature (step 240), the hash block must be 
finther broken down. The hash block itself is divided into packets (steps 245). The hash 
function is applied to each packet Once again, the ^pUcation of the hash function to the 
packets will produce a sequence of hash values. This new hash block will be smaller than the 
previous hash block and will be refoied to as the next higher level hash block. If the next higher 
level hash block is too large to fit into a single packet with the digital signature, a new smaller 
hash block of a higher level is created by repeating steps 220-24S. 

The process of breaking down the hash block is repeated until the resulting hash block 
can fit in a single packet witii the digital signature (step 240). This top level hash block 502 (see 
Fig. 5) is the smaUest hash block. The hash block fiom which the top level hash block was 
created is referred to as the next level down hash block 50 1 , with the complete structure of hash 
blocks forming a hi^archy of hash blocks 510. 
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If, however, the hash block originaliy created by the hashing of the data packets (step 
230) is small enough to fit in a single packet with the digital signature, there is no need to go 
through the steps of breaking down the hash block and creating another higher level hash block 
and the top level hash block remains the only hash block. 
5 Systems consistent with the present invention apply a digital signature to the top level 

hash block packet (step 250). No signature need be applied to any of the other hash blocks or 
data packets. The single digital signature applied to the top level packet is sufScient to verify 
all of the data. If extraordinary redundancy is desired, lower level hash blocks may be signed. 
These signatures would only be used if the top level hash block was com^ted and could not be 
10 recovered. 

In one implementation for data transmission, the packets are transmitted in order 
beginning with the top level hash block packet (step 260), followed by each of the larger hash 
blocks (steps 270, 275, 280), and finally the data (step 280). For the fiistest verification, 
however, the hash block packets and the data packets may be intermingled and need not be sent 
1 5 with all hash blocks first, but the top level packet should be sent first and lower level hashes be 

sent before the data they represent because then- contents will need to be checked first, as 
explained below. 

In accordance with the data signing procedure, the top level hash block packet with the 
single digital signature, the hierarchy of lower level hash blocks, and the data are sent to a 
20 receiver. This is all the information needed to protect the data. 

(2) Verifying Data 

Fig. 3 is a flowchart of the steps used in the data receiving and verification procedure for 
systems consistent with the present invention. To verify data, the digital signature on the top 
level packet must be verified first (step 320). If the signature fails this verification step or it is 
25 determined that the packet was corrupted during transmission, the top level packet must be 

repaired or recovered before checking the other packets (steps 330, 335). If lower level hash 
blocks were signed for extraordinary redundancy, their signatures may be checked in this case 
to allow verification to proceed. 
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Once a hash block is received and verified, data packets that depend on it may be verified 
(step 3 40) by computing the hash of the packet and comparing it with the hash value stored in 
the hash block (step 350). If this check Ms, the data packet is corrupt and should be repaired 
or recovered (stqp 350). Of course the verification process must use the same hash function used 
to sign the data. 

If it is determined that additional hash blocks are e3q)ected (step 360), the packets of 
dxese hash blocks are then received and verified (step 370). The hash function is applied to each 
packet to derive its hash value. The hash value derived firom the received hash block packet is 
compared with the one stored m the received top level hash block. If the comparison foils, the 
packet is corrupt and must be repaired or replaced before any packets that depend on this hash 
block can be verified (step 370). 

If other hash blocks are cxpectsA, the hashes of the packets of each lower level hash 
block arc compared widi the values stored in the hash block in the level above. If this 
VCTification step fails, the packet is corrupt and must be repaired or recovered before any packets 
that depend on this packet can be verified. However, other packets m the hash block can be 
vmfied 
Examples 

Reference will now be made to Figs. 4 and 5 to explain the procedures for hierarchical 
hashing and verification using examples. Figure 4 is a block diagram of example of the hashmg 
of a sample set of data and signing of a hash blocL Figure 5 is a diagram of a sample 
hierarchical structure of hash blocks and data based on the data in Fig . 4. In both Figs . 4 and 5 , 
(whcrei= 1 ,2,3 .. .) represents data values while B, and represent hash values m different hash 
blocks. The packet size and amount of data m this sample is completely arbitrary. Thus, 
additional levels of hash blocks may be utilized depending on the size of the data and the 
selected hash function* 

Given an initial data sequence of data values 40 1 , the data values are divided into data 
packets 402a-f. The present example shows 1 8 data values, A, though A,,, divided into six 
packets with three data values in each packet A one-wi^, collision-proof hash function 403 is 
^lied to the data packets 403 . The hashing of each data packet results in a single hash value. 
For mstancc, the hashing of the data packet A„ Aj, A3 in this case yields value B,. 
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The hash values derived fiom the data packets, B, through Bj, form a hash block (404). 
In this example, the sequence of hash values in the hash block will not fit in a single packet with 
a digital signature so they are divided into two packets 404a and b of three hash values: B, B, 
and Bj form one padcet 404a and B4, Bj, and B^ form the second packet 404b. 

A one-way, collision-proof hash function 405 is then appUed to the hash block packets 
405. Each hash block packet will form another hash value. For example, the packet B„B2,B3 
will create the hash value C,. These hash values, C, and Cj. form another hash block 406. This 
one, howev^, is small enough that it does not need to be broken down any fiirther. Finally, the 
last hash block C„ C2, is signed wifli a digital signature 407 and results in the top level hash 
block with a digital signature 408. In this manner, the signing procedure (Fig. 2) is applied to 
data sequence 401 to generate top level hash block 408 and the next level hash block 404. 

Data verification begins with checking the digital signature on the top level hash block 
502. If the top level hash block 502 passes this check, the next level hash block 501 is verified. 
A hash fonction (not shown) is appUed to each packet and compared with the conesponding hash 
value in the hash block in the level above it For example, the packets 501a and b of the hash 
block501,B, thn)ughB6,arechecked with the values stored in the other hash block 502, C, and 
Cj. In the sample in Fig. 5, the hash of the packet B„ B^, B, would be compared with the value 
C,. If the check fails, the packet B„ B^, B3 is comq)t and must be repaired or replaced before 
any packets that depend on it can be verified, in this case, data values A, through A„ 500a-c. 

The other hash block packet can be vaified and remains unaffected by the corruption of 
the previous hash block packet For instance, in Fig. 5, even if the first packet 501a in the hash 
block, B „ B2, B3. was damaged, the second packet 50 1 b in the same hash block, B<, B j, B^, could 
still be checked by comparison of the hash of the packet 501b with the value Cj. 

The data packets are checked in the same manner. For example, the data packet A,,, A, „ 
A,2 would be checked by comparing the hash of the data packet 500d with the value B4. If this 
check fails, the data packet A,o, A,„ A,2, is corrupt However, the other data packets can still 
be verified. For an arbitrary example, in Fig. 5, even if the fourth packet 500d in the data, A.o, 
A,„ A,j, was corrupt the fifth packet 500e in the data A,3, A,4, A,5 could still be checked by 
comparison of the hash of the data packet with the value Bj. In this manner, the data receiving 
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and verification procedure (Fig. 3) is applied to the top level hash block 502 to verify data set 
500. 

According to the present invention, data packets may be verified even if the data is sent, 
received or retrieved out of order. Systems consistent with the present invention need not wait 
for all of the packets to be delivored to verify a data packet. Any packet can be verified as long 
as the hash block for that packet has been received and verified. This effectively reduces the 
delay time to the amount of time required to compute the hash and compare it to die value stored 
m its corresponding hash block. This delay time is mudi less than bulk signature's delay time 
in which all packets must be received before any can be verified The computational overiiead 
is less dian packet-level signature. 

The choice of when to send a hash block can save time. For instance, the second packet 
in a hash b lock need not be sent until after the packets that depend on the first packet in the hash 
block. This implementation can save the delay time of sending all of the hash blocks first. 
Conelusion 

Hierarchical hashing consistent widi the present mvention protects agamst malicious 
modification of data, while checksums do not It also allows a single digital signature to apply 
to an arbitrary amount of data, wiiich packet-level signature does not The structure pennits 
verification of data as it is received, thus eliminating the delay time of waiting for all of the data 
to be received as in bulk signature methods. Although the data can be vmfied as it is received, 
systems consistent with the present mvention do not have the high computational overhead 
associated witii individual packet sigmng. Additionally, die data need not be received or sent 
in any particular order for verification to begiiL 

The hierarchical structure allows for recognition of com^)! individual packets or sections 
of data. The other packets tiiat arc not corrupt can be used and are unaffected by the corrupt 
packets. Additionally, otiier packets tiiat are unverified can be verified even though some 
packets may be corrupt Cornq)t packets can be repaked or recovered while otiicr padcets are 
being checked. Total replacement of die data is not needed as in bulk signature mediods, tiius 
creating greater efBciency and reducing time expcDdesd. 
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In summary, systems consistent with the present invention thus allow a single digital 
signature to protect an arbitrary amount of data, while cryptographically protecting individual 
portions of die data. To accomplish this, a hierarchy of hash values representing the data is built, 
and die top level of hashes are signed and sent After receipt, the digital signature on the hash 
values is checked. The data, upon receipt, is checked against the hash values that corresponded 
to the data. 

The foregoing description of an implementation of the invention has been presrated for 
purposes of illustration and description. It is not exhaustive and does not limit the invention to 
the precise form disclosed. Modifications and variations are possible in light of the above 
teachings or may be acquired from practicing of the invention. The scope of the invention is 
defined by the claims and their equivalents. 



SUBSTITUTE SHEET (Rule 26) 



:i 



wo 99/40702 



PCT/US99/02417 



14 

WHATISCLAIMFPLS^ 

1 . A computer implemented data processing method comprising the steps of: 
dividing a data set into packets; 

hashing the data within each of the packets to produce a hash block including hash 
values; and 

applying a signature to the hash block. 

2. The metiiod of claim 1 , wherem the applying step includes the substep of 
appendmg a digital signature to hash block. 

3. The method of claim 1 further comprising the stq) of: 
transmitting the data set and hash block. 

4. The method of claim 1 , wherein the hashing step includes the substep of 
determining whether the hash values fit into a single packet 

5. The method of claim 1 , wherein the hashing step includes the substep of 
applying a collision-proof hash function. 

6. The mediod of claim 1, wherein die hashing step includes the substeps of 

(a) separating the hash values into packets; and 

(b) applying a hash function to each of the packets. 

7. The method of claim 6, further comprising the stqp of 

repeating steps (a) and (b) until the resulting hash values fit into a single packet 

8. The method of claim 7, wherein the resulting sequence of hash values from each 
iteration of the steps (a) and (b) is smaller tiian the previous sequence of hash values, 

9. The metiiod of claun 8, wherein tiie packet size is large enough to hold at least 
two hash values. 

1 0. A con^uter implemented data processing method comprising tiie steps of: 
receiving a packet including data, a hash block and a digital signature; 
verifying the digital signature; 

hashing the data to produce hash values; and 
comparing the hash values to values in the Hugh block. 
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11. A computer implemented data processing method comprising the steps of: 
signing^ with a digital signature, a hash block corresponding to a data set; 
sending the data and the hash block fix>m a source to a destination; 

upon receipt at the destination, checking the digital signature on the hash block; 
applying the hash function to the received data set; and 

comparing the hashes of the received data with the hash values stored in the hash block. 

12. The method of claim 1 1, wherein the signing step includes the substep of 
separating the data set into packets. 

13. The method of claim 1 1, wherein the applying step includes the substep of 
utilizing a colIision*proof hash function. 

14. The method of claim 12, vdierein the packet size is at least large enough to hold 
2 hash values. 

15. The method of claim 1 1 , wherein the signing step includes the substeps of 

(i) separating the hash block into packets; and 

(ii) applying a hash function to the packets to create a second hash block. 

"16. The method of claim 15, wherein the steps (i) and (ii) are repeated until the 
resulting hash block can fit in a single packet with a digital signature. 

1 7. A data processing apparatus comprising: 

a dividing component configured to divide a data set into packets; 
a hashing component configured to hash the data within each of the packets to pioduce 
a hash block including hash values; and 

an applying component configured to apply a signature to the hash block. 

1 8. The apparatus of claim 1 7, wherein the applying component includes: 
an appending component configured to append a digital signature to hash block. 

19. The apparatus of claim 1 7 further comprising: 

a transmitting component configured to transmit the data set and hash block. 

20. The iq}paratus of claim 1 7, wherein the hashing component includes: 

a determining component configured to determine whether the hash values fit into a 
single packet. 
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2 1 . The apparatus of claim 1 7, wherein the hashing cx)mponent includes: 
an applying component configured to apply a collision-proof hash function. 

22. The apparatus of claim 1 7, whorein the hashing component includes: 

(a) a separating conq>onent configured to separate the hash values into pack^; and 



(b) an applying componait configured to apply a hash function to eachof thepackets. 

23. The apparatus of claim 22, further con^)rising: 

a performing component configured to perform the functions of components (a) and (b) 
repeatedly until the resulting hash values fit into a single packet 

24. A data processing apparatus comprising: 

a receiving componrat configured to receive a packet includmg data, a hash block and 
a digital signature; 

a verifying component configured to verify the digital signature; 

a hashing component configured to hash the data to produce hash values; and 

a comparing component configured to compare the hash values to values in the hash 

block. 

25. A data processing s^paratus comprising: 

a signmg component configured to sign, with a digital signature, a hash block 
corresponding to a data set; 

a sending component configured to send the data and the hash block from a source to a 
destination; 

a checking component configured to, iqwn receipt at the destination, check the digital 
signature on the hash block; 

a q)plying component configured to apply the hash function to the received data set; and 
a comparing component configured to compare the hashes of the received data with the 
hash values stored in the hash block. 

26. The apparatus of claim 25, wherein the signing component incliKies: 
a signing component configured to divide the data set into packets. 

27. The ^paratus of claim 25, wherein the applying component includes 
a component configured to utilize a collision-proof hash function. 
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28. The apparatus of claim 26, wherein the packet size is at least large enough to hold 
2 hash values. 

29. The ^paratus of claim 25, wherein the signing component includes: 

(i) a separating component configured to separating the hash block into packets; and 

(ii) an applying component configured to apply a hash function to the packets to 
create a second hash block. 

30. The apparatus of claim 29, fiirther including 

a performing component configured to perform the fimctions of components (I) and (ii) 
repeatedly until the resulting hash block can fit in a single packet with a digital signature. 

3 1 - A computer product comprising a computer readable medium having computer 
readable code embodied therein for processing data, the computer readable medium comprising: 

a dividing module configured to divide a data set into packets; 

a hashing module configured to hash the data within each of the packets to produce a 
hash block including hash values; and 

an applying module configured to apply a signature to the hash block. - 

32. The product of claim 3 1 , wherein the applying module includes: 

an appending module configured to append a digital signature to hash block, 

33. The product of claim 3 1 fiirther comprising: 

a transmitting module configured to transmit the data set and hash block. 

34. The product of claim 3 1 , wherein the hashing module includes: 

a determining module configured to determine whether the hash values fit into a single 

packet. 

35. TTie product of claim 3 1 , wherein the hashing module includes: 
an applying module configured to apply a collision-proof hash fimction. 

36. The product of claim 3 1 , wherein the hashing module includes: 

(a) a separating module configured to separate the hash values into packets; and 

(b) an applying module configured to apply a hash fimction to each of the packets. 

37. The product of claim 36, further comprising: 

a performing module configured to perform the fimctions of modules (a) and (b) 
repeatedly until the resulting hash values fit into a single packet. 
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38. A computer product comprising a computer readable medium having computer 
readable code embodied therein for processing data, the computer readable medium comprising: 

a receiving module configured to receive a packet including data, a hash block and a 
digital signature; 

a verifying module configured to verify the digital signature; 

a hashing module configured to hash the data to produce hash values; and 

a comparing module configured to compare the hash values to values in the hash block. 

39. A computer product comimsing a computer readable medium having computer 

readable code embodied therein for processing data, the computer readable medium comprising: 

a signing module configured to sign, with a digital signature, a hash block corresponding 
to a data set; 

a sending module configured to send the data and the hash block &om a source to a 
destination; 

a checking module configured to, upon receipt at the destination, check the digital 
signature on the hash block; 

anapplying module configured to q)ply the hash fimction to the received data set; and 
a comparing module configured to compare tiie hashes of the received data with the hash 
values stored in the hash block. 

40. The product of claim 39, wherein the signing module includes: 
a signing module configured to divide the data set into packets. 

41 . The product of claim 39, wherein the qiplying module includes 
an applying module configured to utilize a collision-proof hash fimction. 

42. The product of claim 40, whcrdn the packet size is at least large enough to hold 
2 hash values. 

43. The product of claim 39, ^iierein the signing module includes: 

(0 a separating module configured to separate the hash block into packets; and 
(ii) an applying module configured to apply a hash fimction to the pack^ to acatc 
a second hash block. 
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44. The product of claim 43, further including 

a performing module configured to perform the functions of modules (I) and (ii) 
repeatedly until the resulting hash block can fit in a single packet with a digital signature. 

45. A data structure stored in a computer readable medium for use by a processor in 
processing packaged data, the data structure comprising: 

a plurality of packets, each including data; 

a hash block including hash values resulting horn application of a hash function to the 
packets of data; and 

a digital signature appended to the hash block. 

46. A data structure having portions capable of being stored separately in a computer 
readable medium for use by a processor in processing data, the data structure comprising: 

a plurality of packets, each including data; 

a first hash block including hash values resulting fix)m 2q)plication of a hash function to 
the packets of data, the first hash block being larger than a predetermined size based on the size 
of a single packet and divided into hash block packets; and 

~ a second hash block including hash values resulting firom application of a hash function 
to the packets of hash values of the first hash block, the size of the second hash block being 
within an acceptable range of the predetermined size. 

47. The data structure of claim 46, further comprising: 
a digital signature appended to the second hash block. 
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